Application Security Engineer (Architecture team) - remote

Doxy.me
Posted 3 years ago
We Work Remotely

Help us build meaningful software in healthcare used by doctors, patients, and researchers worldwide. 

Our Company

Doxy.me is the simple, free, and secure telemedicine solution used by over 700,000 healthcare providers worldwide. Our mission is to eliminate barriers to telemedicine like cost and accessibility, so we are constantly striving to make doxy.me more accessible to everyone, everywhere. With over 500,000 telemedicine calls made through our platform every day, there are millions of people relying on us to simplify their healthcare services.

Our Culture
  • Collaborative. We have multiple cross-functional teams that work together to make our platform the best it can be. Our engineers enjoy being involved in identifying problems and exploring potential solutions.
  • Empathetic. We listen to and strive to understand the patients and providers that depend on our work. Millions of people depend on our products to solve their very real health problems every day!
  • Empowering. We are building products where your ideas and expertise can help revolutionize the healthcare industry. We encourage our engineers to spearhead projects and ideas. Our employees have the power to create change!

Overview
We are looking for an Application Security Engineer motivated by unique, interesting, meaningful challenges in the healthcare sector. What you will do affects hundreds of thousands of doctors and patients every single day. You will perform important day-to-day activities in the platform security area that ensure that doxy.me’s code is secure and controls are operating efficiently and effectively. You will be working with the Security and Development teams to ensure our product is safe from malicious activity, vulnerabilities and accidental disclosure. This role will help build and advise on the systems and frameworks we use to keep the product safe. We're focused on secure-by-design frameworks, least privilege access, detection and alerting, and eliminating bugs.

What Will You Do
  • Serve as the subject matter expert for application security, providing guidance to Development, DevOps and Product teams
  • Design and implement SSDLC practices including secure code reviews, static/dynamic code analysis, and vulnerability assessments
  • Raise security awareness by pointing out potential security vulnerabilities and their potential impacts during code reviews
  • Implement continuous monitoring systems and tools to automatically identify potential security issues at the code, application and infrastructure layers
  • Drive security improvements to production cloud environments

Our Expectations
  • Ability to dissect new systems, product requirements, and features to identify and develop security requirements
  • Expertise in secure coding and performing automated or manual static analysis (JavaScript preferable)
  • Hands-on experience in conducting penetration testing and vulnerability assessment
  • Hands-on experience in configuring and hardening cloud-based infrastructure (AWS preferable)
  • Familiar with Agile software development methodologies, DevOps practices and tools
  • Working experience with application security tools such as vulnerability scanners, SAST/DAST/IAST, Checkmarx, Snyk, Veracode or SonarQube
  • Knowledge of OWASP Top Ten, NIST, MITRE ATT&CK Framework, etc.
  • Good to have, but not required: security certifications such as OSCP, CEH, GWAPT, etc.

Quick Info
  • Benefits: 20 days paid time off, sick leave, flexible public holidays, extensive educational program, MacBook, health insurance, office hub in Kyiv (Podil), remote working environment
  • Doxy.me tech stack: 
    • React, Node.js, TypeScript, WebRTC, LoopBack 4, AWS, Kubernetes, Docker, AngularJS
    • 3rd party: TokBox, PubNub, Segment, Twilio, Stripe
  • Our products: 
    • Doxy.me: The simple, free, and secure telemedicine solution currently used by over 700,000 doctors worldwide and helping over 500,000 patients/day.
    • dokbot.io: Patient-focused data collection for healthcare. 
    • ItRunsInMyFamily.com: Using health history to identify the risks of cancer and other diseases that run in families
  • Our team: technologists, academics, researchers, and innovators from all over the world. English is the language used in all internal communication.
  • To ensure HIPAA compliance we perform background checks after extending a job offer.